package com.ynsj.config.resource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.FileCopyUtils;

import java.nio.charset.StandardCharsets;


/**
 * @author 86130
 */
@Configuration
@EnableResourceServer//开启资源服务
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启方法权限动态配置 之后在方法上使用 @PreAuthorized 配置访问接口的权限
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * 处理请求放行/拦截规则
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //禁用跨站伪造防御
        http.csrf().disable()
                //禁用session管理器
                .sessionManagement().disable()
                //放行哪些接口
                .authorizeRequests().antMatchers(
                        "/v2/api-docs",
                        //用来获取支持的动作
                        "/swagger-resources/configuration/ui",
                        //用来获取api-docs的URI
                        "/swagger-resources",
                        //安全选项
                        "/swagger-resources/configuration/security",
                        "/webjars/**",
                        "/swagger-ui.html",
                        "/login",
                        "/gt/register"
                ).permitAll()
                //哪些接口需要验证
                .antMatchers("/**").authenticated()
                //禁用header缓存
                .and().headers().cacheControl();
    }

    /**
     * 设置授权公钥
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(getTwtTokenStore());
    }

    /**
     * 转化token格式
     * @return
     */
    private TokenStore getTwtTokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter(){
        //这个转换器需要放在ioc容器里面
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        String s = null;
        try {
            //读取公钥文件
            ClassPathResource classPathResource = new ClassPathResource("coinexchange.txt");
            //将读取出来的公钥文件转换为bytes数组
            byte[] bytes = FileCopyUtils.copyToByteArray(classPathResource.getInputStream());
            s = new String(bytes, StandardCharsets.UTF_8);
        }catch (Exception e){
            e.printStackTrace();
        }
        //设置读取出来的公钥字符串
        jwtAccessTokenConverter.setVerifierKey(s);
        return jwtAccessTokenConverter;
    }
}
